We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting a mysterious hacker group that’s targeting software supply chains, more monster breaches, new class actions, multimillion-dollar settlements, third-party breaches, and more! Don’t miss the items in ORANGE below.

TECHNOLOGY
A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree

Over the past three years, supply chain attacks that exploited the software distribution channels of at least six different companies have now all been tied to a single group of likely Chinese-speaking hackers. Click to read entire article.

Report: Unknown Data Breach Exposes 80 Million US Households

Known hacktivists Noam Rotem and Ran Locar discovered an unprotected database impacting up to 65% of US households. Hosted by a Microsoft cloud server, the 24 GB database includes the number of people living in each household with their full names, their marital status, income bracket, age, and more. Click to read entire article.

CONSTRUCTION
Oregon Construction Contractors Board reports data breach

The Oregon Construction Contractors Board said Friday it has discovered a security breach involving 8,013 online contractor accounts. Unauthorized individuals gained access to some contractors’ usernames and related password information. Click to read entire article.

FINANCIAL SERVICES
Credit Union Sues Fintech Giant Fiserv Over Security Claims

A Pennsylvania credit union is suing financial industry technology giant Fiserv, alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. Click to read entire article.

FirstBank Says Breach Was Related To Merchants’ Systems Where Account Holders’ Debit Cards Were Used.

So Far 50 Customers’ Cards Compromised; Number Could Rise.
After a news report on The Consortium this morning revealed what FirstBank has described as an external security breach that prompted the bank to cancel debit cards of affected account holders, the bank’s marketing and communications manager in the Virgin Islands, Alana Alexander, shared more details about the breach, including the number of customers affected, and the nature of the breach. Click to read entire article.

HEALTHCARE
OCR Settles with Touchstone Medical for $3M After Health Data Breach

A misconfigured FTP server exposed the data of about 307,000 Touchstone Medical patients; the subsequent OCR investigation found issues with business associate agreements, timely notification, and risk assessments, among others. Click to read entire article.

Class-action lawsuit filed against Massachusetts-based healthcare provider over data breach

A class action suit has been filed against Baystate Health after the data of 12,000 patients was left vulnerable following a February phishing attack. Click to read entire article.

UCSD Has Not Told Women With HIV Of Data Breach, Despite Researchers’ Pleas

University of California, San Diego officials stonewalled attempts to notify women in an HIV research study that their confidential data was breached more than seven months ago, an inewsource investigation has found. Click to read entire article.

RETAIL
Eddie Bauer Reaches $9.8M Settlement Over Data Breach

Eddie Bauer agreed to a settlement with Iowa-based Veridian Credit Union over a class action lawsuit related to a 2016 data breach, according to documents filed in the U.S. District Court for the Western District of Washington. Click to read entire article.

HIGHER EDUCATION
Georgia Tech data breach exposes information of up to 1.3M people

Georgia Tech is working to repair the damage created by a cybersecurity breach that may have exposed personal information for up to 1.3 million current and prospective students, faculty, staff and more. Click to read entire article.

University of Alaska – Notice of Data Breach

The University of Alaska is notifying potentially affected students and individuals after an investigation into a data privacy incident involving potential unauthorized access to certain UA email accounts. Click to read entire article.

CHILDREN’S PRIVACY / COPPA
Data Security at Issue in FTC’s Latest COPPA Action

The FTC settled an enforcement action against Unixiz, Inc., operator of the website i-DressUp.com, over several aspects of the site that failed to comply with the Children’s Online Privacy Protection Act (COPPA). i-DressUp has agreed to pay a $35,000 fine to settle the dispute. Click to read entire article.

CANADA
$100-million class action lawsuit filed in Calgary over Marriott Hotels data breach

The massive data hack of guest information from the Marriott hotel empire has triggered a $100-million class action lawsuit in Calgary. Click to read entire article.

Freedom Mobile hit by data breach, company says up to 15,000 customers affected

Freedom Mobile confirmed Tuesday it had a data security breach from late March to late April, but the wireless carrier said only about 15,000 customers were affected — far fewer than an outside research firm’s estimate. Click to read entire article.

EUROPE / UK
Airbus, Porsche, Toshiba And Volkswagen Data Stolen In Massive Breach — What You Need To Know

You may not have heard of Citycomp, an IT infrastructure provider based in Germany, but you will have heard of its customers. Spread across 75 countries, these include Airbus, Porsche, Toshiba and Volkswagen. So when Citycomp published a statement that it had “successfully fended off a hacker attack,” you might think that was good news. Unfortunately for its customers, not so much it turns out. Click to read entire article.

Ulster Bank says it’s ‘unacceptable’ a data breach resulted in its former customers’ details being compromised

The Ulster Bank head has said it is ‘unacceptable’ that some of its former customers’ personal details were compromised after the bank sold on the loans. Click to read entire article.

ASIA PACIFIC
Massive data breach costs valuer LandMark White $7m

Embattled ASX-listed property valuation firm and hacking target LandMark White has put the cost of the customer data theft perpetrated against it at around $7 million, based on the loss of work it suffered after being suspended from bank supplier panels. Click to read entire article.

Hackers Access Over 461,000 Accounts in Uniqlo Data Breach

Fast Retailing, the company behind multiple Japanese retail brands, announced that the UNIQLO Japan and GU Japan online stores have been hacked and third parties accessed 461,091 customer accounts following a credential stuffing attack. Click to read entire article.

Over 10 million people hit in single Australian data breach: OAIC

The latest quarterly data breach report from the Office of the Australian Information Commissioner (OAIC) has revealed over 10 million individuals had their information compromised in one single incident. The current population of Australia is around 25.4 million. Click to read entire article.